Open the console at the setup time, otherwise the openeded
file descriptor will be considered as an inherited fd and the
startup will fail.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

This patch modifies the startup of a container to forbid opened
fds, unless these are stdios.
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>

In the process of rollbacking, the handler->pid is not set
we must not kill it. Otherwsise, kill(-1, SIGKILL), ouch ! ...
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Add the console.h file in order to compile the dist file.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Delete the network devices when an error occurs before they are moved
to the network namespace (network namespace destruction triggers the
network devices deletion). Otherwise they stay in the system.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Fix inconsistent function definition regarding the headers.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Add a function to delete the network device by its index.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Fix the warning:

start.c: In function ‘lxc_fini’:
start.c:250: warning: implicit declaration of function ‘lxc_unlink_nsgroup’
start.c: In function ‘lxc_spawn’:
start.c:380: warning: implicit declaration of function ‘lxc_rename_nsgroup’
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

The patch fixes a build error on the devel version of Fedora.
Signed-off-by: Silas Sewell <silas@sewell.ch>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

When the umount fails, we force the umount and make the mount point
unaccessible by using a lazy umount.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

When there is no rootfs, don't create a console.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

As the console output can be a tty, we want to have the terminal to
be set as a specific manner to not echo and receive signals from the
keyboard.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

The actual behaviour of the console is messy as:
 * it relies on a heuristic (tty or not, rootfs or not, etc ...)
 * the container init stole the tty and we lose the control

The following patch:
 * allocates a tty
 * maps this tty to the container console
 * proxy the io from the console to the file specified in the configuration
 lxc.console=<file>

That allows to specify a file, a fifo, a $(tty), and can be extended with an
uri like file://mypath, net://1.2.3.4:1234, etc ...
That solves the problem with the heuristic and the container does no longer stole
our current tty.

Note by default, the console output will go to a blackhole if no configuration is
specified making the container showing nothing.

In order to access the console from the tty, use

 lxc-start -n foo -s lxc.console=$(tty)

I propose the make the container to daemonize by default now.

I tried the following:

 in a shell:
  touch /var/lib/lxc/foo/console
  tail --retry -f /var/lib/lxc/foo/console
 in another shell:
  lxc-start -n foo -s lxc.console=/var/lib/lxc/foo/console
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Use a prefixed enum to avoid conflict later.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

No need to include the lxc_conf structure definition, a forward
declaration is enough.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Use the mainloop to manage io of the console.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Factor out the console code and encapsulate the code in
functions.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

When there is an empty network namespace, we must not move the
network device.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Add missing include
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Do not check CPUSET configuration when SMP is not enabled.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Increment to 0.6.5 version.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

There are several cases where the system can no longer access a mount
point or a mount point configuration makes the algorithm bogus.

For example, we mount something and then we chroot, the mount information
will give an unaccessible path and the container won't be able to start
because this mount point will be unaccessible. But if it's the case, then
we can just warn and continue running the container.

Another case is the path to a mount point is not accessible because there
is another mount point on top of it hiding the mount point. So the umount
will fail and the container won't start.

Easy to reproduce:

mkdir -p /tmp/dir1/dir2
mount -t tmpfs tmpfs /tmp/dir1/dir2
mount -t tmpfs tmpfs /tmp/dir1

So can we just ignore the error when unmounting and continue to the list again
and again until it shrinks.

At the end, we just display the list of the unmounted points.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

the last patch commit 81810dd1
make lxc to not compile anymore on rhel5u1
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Hello everyone!

I've written a patch which adds a new config keyword
'lxc.cap.drop'. This keyword allows to specify capabilities which are
dropped before executing the container binary.

Example:

lxc.cap.drop = sys_chroot
lxc.cap.drop = mknod
lxc.cap.drop = sys_module

or specify in a single line:

lxc.cap.drop = sys_chroot mknod sys_module
Reworked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michael Holzt <lxc@my.fqdn.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

A mindless change.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

warning with git am, white before tab correction
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

The handler argument to lxc_fini() is never null.
Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

sv[0] has already been closed when reaching out_abort label.
Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Signed-off-by: Clement Calmels <clement.calmels@fr.ibm.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

It makes sense to use goto when there's some rollback work to be done.
And it's nice for code clarity to add an explicit suffix to goto labels.
Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

I noticed lxc-console uses '^a' as command-mode prefix to
escape out of console session, so created a patch to make it
configurable. With this, you can do

  lxc-console -n foo -e ^t

and exit the session with 'Ctrl+t q'.

For emacs-binding addicts (like me), it's always nice to
let shell handle '^a' as 'beginning-of-line' command...
Signed-off-by: Taisuke Yamada <tai@rakugaki.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Signed-off-by: Clement Calmels <clement.calmels@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>